Security & Safety Resource Center

Sometimes a search engine will return highly ranked results that nevertheless aren’t safe to visit. Maybe these pages have expired certificates or unusual redirects that haven’t gotten them flagged for removal yet — scammers are always trying to stay ahead. Your browser, or internet security software like Total Defense will usually warn you that they could be malware-laced traps. It’s best to heed these warnings and close the tab.

OpenStreetMap is run by a nonprofit organization, and it’s updated by the very people who use it. Anyone can create an account and add pictures or other information to make location details more accurate. You do not need to log into your account to use the app, and there are no ads. Some limited data is collected, but it’s not linked to profiles, so your privacy remains secure while using the app.

If you don’t want your smart speaker hearing your conversations, but you don’t want the hassle of consistently muting and unmuting it or using a voice remote, you can try Paranoid. Paranoid is a device that sits on the mute button of the smart speaker and only turns it off when it hears the wake word, ‘“Paranoid’.” After you give your command, Paranoid mutes the device immediately.

If you buy something online, the vendor should send tracking information as soon as the item is shipped. If it’s been a few days outside of their shipping window, try contacting the vendor to see what the delay is. If you don’t hear anything back, it’s possible that it was a fraudulent organization, and it might be time to get your bank involved. They’ll hold the charge on your credit card while they investigate the issue.

When paying with a credit card, the vendor does not receive direct access to your money. Instead, they receive money from your bank, and then the bank bills you at the end of the month. This protects your money from fraudulent vendors and individuals who get their hands on your credit card information.

If you see a deal while shopping online that seems like it’s too good to be true, there’s a decent chance that it is. Be sure to compare the price of the item to the prices of similar items on websites you know are legitimate. Also, check to make sure that the organization is real by looking up customer reviews or finding location or contact information.

If your password is stored, your profile and any account information you have provided on that site is readily available if an attacker gains access to your computer, especially on your banking and financial sites. Additionally, evaluate your settings on social networking websites. The nature of those sites is to share information, but you should restrict access to limit exposure of personal private information.

You might want to limit the amount of personal information readily available in your Google Nest device to protect against hackers or guests in your home whom you don’t know very well yet. If that’s the case, you can disable personal results on your Google Nest device, because it keeps track of private information like your schedule, shopping list and more. To do this:

• Tap Device in your Google Home menu.
• Tap Settings.
• Tap More.
• Scroll down to Personal Results and turn it off.

It’s common to have loads of apps on your devices, many of which you might not have opened in months or even years. Unless they include vital information or functionality, it’s usually sensible to delete them. Not only will you free up space, you’ll save yourself problems arising from their use of outdated or vulnerable features.

If your Alexa device hears you incorrectly, it might send a text message or email you did not intend, or it might call someone you didn’t mean to call. Disable the address book sharing feature on your Alexa device to prevent this. To block your address book:

• Open Conversations in the Alexa app.
• Tap the Contact List icon.
• Tap Block Contacts.

Please don’t reply to — or click on — a link for a random text message you see on your phone saying that you’ve won a prize, gift card or an expensive electronic like an iPad. It’s most likely a scam. Delete random texts, especially those that ask you to enter a special code, or to confirm or provide personal information by following a link to a website. These are almost always bogus sites that exist to access your information.

Houseparty is a videoconferencing app that does not require a link to access a meeting. Instead, when you log into houseparty, you can see which of your friends are “in the house,” and join their conference without permission — unless their room is locked. You should keep your Houseparty room locked at all times that you are not letting a friend in. To lock a room, simply click the padlock symbol at the bottom of the screen.

If you allow a stranger into a Zoom meeting, they can potentially see personal information in your background. Even if that’s not a risk, the stranger could still harass you or disrupt an important Zoom meeting. A waiting room requires that people request access to the meeting, and you can decide to let them in once you see their name. To set up a waiting room:

• Go to Settings.
• Click In Meeting (Advanced).

Toggle the button next to Waiting Room.

Some ATMs automatically print receipts without asking your preference. If you leave a receipt at the ATM — or even if you take it, and it falls out of your pocket — someone could gain access to your bank account or deposit information. If you do your banking online from the privacy of your home (preferably using a VPN), your information might be safer.

If your email address or phone is compromised, a hacker might attempt to access your Twitter account by resetting your password. In order to catch any attempts to do this, you should set additional requirements for requesting a password reset. You can set up your account so that you have to enter a code sent to both your phone and your email instead of one or the other, which adds a layer of security. To do this:

• Go to your account.
• Check the box next to Password Reset Protection under Security.
• Add your email address and phone number.

Your choice of email addresses may affect the amount of spam you receive. Spammers send out millions of messages to probable name combinations at large ISPs and email services, hoping to find a valid address. Thus, a common name such as jdoe may get more spam than a more unique name like g28r03k9. Of course, there is a downside – it’s harder to remember an unusual email address.

Alexa devices only store relevant information, but if you would like to make sure it only records you when you speak specifically to it, you can turn off the microphone and only talk to it through the voice remote, which comes with the device. To turn off the microphone, just push the mute button on the device. To use the voice remote, press and hold the talk button until you hear the sound, and then give your command.

The Federal Trade Commission (FTC) recently warned about potential scams related to the coronavirus. Now that vaccines are being rolled out and people are waiting their turns, scammers may contact people and tell them that they can sign up for a vaccine by providing personal information. Research where vaccines are being offered in your area and sign up through their website, not an organization you’ve never heard of.

Check the privacy policy before you submit your email address to a website. See if it allows the company to sell your email to others. You might decide not to submit your email address to websites that won’t protect it.

When submitting your email address to a website, look for pre-checked boxes that sign you up for email updates from the company and its partners. Some websites allow you to opt out of receiving these mass emails.

DoorDash tells its customers, “No one from DoorDash will ever request your password or security code, nor will anyone from DoorDash ever give you a specific password you should use.” A scammer may try to steal your personal information by sending a text message or calling and pretending to be Support. They may even know information about your most recent order to make the attempt sound more convincing. If they ask for your password or any personal information, don’t give it to them — it’s a scam.

If your VPN malfunctions, you will be automatically connected to your regular internet network. With a kill switch enabled, preselected programs will automatically quit so that you do not end up using personal accounts on a less secure network. Make sure to preselect all of the accounts that contain private information, like your bank account.

Do Not Track is a setting in most internet browsers that allows you to express your preference not to be tracked across the web. Turning on Do Not Track through your web browser sends a signal to every website you visit that you don’t want to be tracked from site to site. Companies then know your preference. If they have committed to respect your Do Not Track preference, they are legally required to do so. However, many tracking companies today have not committed to honoring users’ Do Not Track preferences.

When you access mobile applications, companies don’t have access to traditional browser cookies to track you over time. Instead, third party advertising and analytics companies use device identifiers — such as Apple iOS’s Identifiers for Advertisers (“IDFA”) and Google Android’s Advertising ID — to monitor the different applications used on a particular device.

UPnP is what allows your devices to recognize each other because they are on the same network. For example, if you buy a new printer and connect it to your Wi-Fi, it might recognize your computer automatically. While UPnP is convenient, it makes it less complicated for hackers to access your accounts. You can turn off UPnP on your router.

If you forget to sign out of your Facebook profile from a public or shared computer, you can and should do so remotely to ensure that your account is secure. To do this:

• Log into Facebook on another device.
• Go to Security and Login Settings.
• Go to Where You’re Logged In.
• Find the session you want to end.
• Click the three dots next to the listing.
• Click Log Out.

Device fingerprinting can track devices over time, based on your browser’s configurations and settings. Because each browser is unique, device fingerprinting can identify your device, without using cookies. Since device fingerprinting uses the characteristics of your browser configuration to track you, deleting cookies won’t help. Device fingerprinting technologies are evolving and can be used to track you on all kinds of internet-connected devices that have browsers, such as smart phones, tablets, laptop and desktop computers.

Peer-to-peer (P2P) websites are fraught with risk. To share files, like games and music, through a peer-to-peer (P2P) network, you download software that connects your computer to other computers running the same software – sometimes giving access to millions of computers at a time. This has a number of risks. You could mistakenly download malware, pirated or copyrighted material, or pornography, or allow strangers to access and share your personal files. Best not to visit P2P sites to begin with.

When searching for a VPN, be sure to look at the company’s terms of service to ensure it’s a no-log VPN. This means the network will not save any of your personal information. You remain anonymous, even to the VPN provider. This ensures that even if someone is able to hack into your network, there won’t be much data available to them.

If you need to use your laptop in a crowded place, as airplanes and airports can be, you could be in very close proximity to other people. Privacy screens make it difficult for people to decipher what’s shown on the computer unless they are looking at it from directly in front and at very close range.

Having multiple email accounts can be beneficial to your cybersecurity, though it may appear like more trouble than it’s worth. A system like this lets you avoid giving out your personal email to email newsletters and marketing campaigns, which can reduce the risk of phishing and limit the volume of spam might receive.

If you decide to shop from an e-commerce website you’re unfamiliar with, it’s important to take precautions to ensure that it’s a legitimate business. One way you can do this is by looking up the domain name on Whois, which will tell you who owns the domain name or IP address as well as the registrar through which it was purchased.